node-avro-io icon indicating copy to clipboard operation
node-avro-io copied to clipboard

Published 20 hours ago verified publisher icon jamesbrucepower

Upgrade to Lodash >= 4.17.15 to make this a friendlier transitive dependency

Open mdaum opened this issue 5 years ago • 1 comments

Recent vulnerabilities found in lodash have made having this library as a transitive dependency troublesome for projects using snyk to prevent vulnerable code from being released. I have made a PR upgrading from lodash 2 -> 4. The process was quite easy for the use cases of this library.

mdaum avatar Aug 20 '19 22:08 mdaum

https://github.com/jamesbrucepower/node-avro-io/pull/32

mdaum avatar Aug 20 '19 22:08 mdaum